Overview

overview

10

Static

static

1

ff82d39c5a...24.ps1

windows7-x64

1

ff82d39c5a...24.ps1

windows10-2004-x64

10

Analysis

  • max time kernel
    38s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2023, 15:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ff82d39c5ac755ccce282d2d096a73e772670b02925a372edcc3c312d1ec2824.ps1

  • Size

    1.0MB

  • MD5

    bcdc7823c4d700ed6432dee487b5f475

  • SHA1

    f303a0296c9467b5df54d09f0462a72e61978ed3

  • SHA256

    ff82d39c5ac755ccce282d2d096a73e772670b02925a372edcc3c312d1ec2824

  • SHA512

    9d5a2fc9d6ac49003037b2861a2b9a77246daa18e5361eb5a7e69734623fa4d5585d11ba9eee34bb7c1510f447af01a99889559f7c785f4fdfc8126279b09ad7

  • SSDEEP

    12288:a+x48PQ0D1VF5sh0cxA0JlKNmeEEPzwjQcURO73CeI/bnBBtTr4EAULQUpmt:a848PQ0D1b53cxAkt

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\ff82d39c5ac755ccce282d2d096a73e772670b02925a372edcc3c312d1ec2824.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3040-4-0x000000001B1F0000-0x000000001B4D2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/3040-6-0x000007FEF5930000-0x000007FEF62CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3040-7-0x0000000001F10000-0x0000000001F90000-memory.dmp

    Filesize

    512KB

    Download

  • memory/3040-8-0x0000000001F10000-0x0000000001F90000-memory.dmp

    Filesize

    512KB

    Download

  • memory/3040-9-0x0000000001F10000-0x0000000001F90000-memory.dmp

    Filesize

    512KB

    Download

  • memory/3040-5-0x0000000002390000-0x0000000002398000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3040-10-0x000007FEF5930000-0x000007FEF62CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3040-11-0x0000000001F10000-0x0000000001F90000-memory.dmp

    Filesize

    512KB

    Download

  • memory/3040-12-0x000007FEF5930000-0x000007FEF62CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3040-13-0x0000000001F10000-0x0000000001F90000-memory.dmp

    Filesize

    512KB

    Download